Production debug

This commit is contained in:
Vivek Santayana 2022-06-17 12:58:46 +01:00
parent 73f31016fd
commit 067ef4fd7f
4 changed files with 39 additions and 11 deletions


@ -70,7 +70,7 @@ Also make sure that the various entries for usernames and passwords match.
#### Input Specific Values for Your Installation #### Input Specific Values for Your Installation
There are some values in the following three files you will need to configure to reflect the domain you are installing this app. There are some values in the following four files you will need to configure to reflect the domain you are installing this app.
``` ```
# .env # .env
@ -85,7 +85,17 @@ domains=(example.org www.example.org)
email="" # Adding a valid address is strongly recommended email="" # Adding a valid address is strongly recommended
``` ```
And four locations in the following file, two for the regular version of the domain and two for the www version: Substitute the domain name `domain_name` in the two file paths in the following file:
```
# nginx/ssl.conf
ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem;
...
```
And **six** locations in the following file, two for the regular version of the domain and two for the www version:
``` ```
# nginx/conf.d/ref-test-app.conf # nginx/conf.d/ref-test-app.conf
@ -105,13 +115,20 @@ server {
server { server {
server_name www.domain_name; server_name www.domain_name;
listen 80; listen 80;
... listen [::]:80;
# Redirect to non-www
return 301 $scheme://domain_name$request_uri; ...
} }
server { server {
server_name www.domain_name; server_name www.domain_name;
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2;
... ...
# Redirect to non-www
return 301 $scheme://domain_name$request_uri;
} }
``` ```
@ -127,6 +144,8 @@ $ chmod +x install-script.sh
$ sudo ./install-script.sh $ sudo ./install-script.sh
``` ```
This will take a long time to run the first time because it will try and generate a fairly sizeable cypher.
When we later run the server, Certbot will check for renewals of the SSL certificates every 12 hours, and Nginx will reload the configurations every 6 hours, to make sure everything runs smoothly and stays live. When we later run the server, Certbot will check for renewals of the SSL certificates every 12 hours, and Nginx will reload the configurations every 6 hours, to make sure everything runs smoothly and stays live.
#### Run the Stack #### Run the Stack


@ -18,7 +18,7 @@ services:
networks: networks:
- frontend - frontend
depends_on: depends_on:
- ref_test_app - app
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
app: app:
@ -36,7 +36,7 @@ services:
- frontend - frontend
- backend - backend
depends_on: depends_on:
- ref_test_postfix - postfix
postfix: postfix:
container_name: ref_test_postfix container_name: ref_test_postfix


@ -23,13 +23,13 @@ fi
if [ ! -e "$data_path/ssl-dhparams.pem" ]; then if [ ! -e "$data_path/ssl-dhparams.pem" ]; then
echo "### Generating ssl-dhparams.pem ..." echo "### Generating ssl-dhparams.pem ..."
docker compose run --rm --entrypoint "\ docker compose run --rm --entrypoint "\
openssl dhparam 4096 -out /etc/letsencrypt/ssl-dhparams.pem" certbot openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096" certbot
echo echo
fi fi
echo "### Creating dummy certificate for $domains ..." echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains" path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains" mkdir -p "$data_path/live/$domains"
docker compose run --rm --entrypoint "\ docker compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\ openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
-keyout '$path/privkey.pem' \ -keyout '$path/privkey.pem' \
@ -37,6 +37,15 @@ docker compose run --rm --entrypoint "\
-subj '/CN=localhost'" certbot -subj '/CN=localhost'" certbot
echo echo
if [ ! -e "$data_path/lets-encrypt-x3-cross-signed.pem" ]; then
echo "### Downloading lets-encrypt-x3-cross-signed.pem ..."
wget -O $data_path/lets-encrypt-x3-cross-signed.pem \
"https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
docker compose run --rm --entrypoint "\
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096" certbot
echo
fi
echo "### Starting nginx ..." echo "### Starting nginx ..."
docker compose up --force-recreate -d nginx docker compose up --force-recreate -d nginx
echo echo
@ -65,7 +74,7 @@ esac
if [ $staging != "0" ]; then staging_arg="--staging"; fi if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker compose run --rm --entrypoint "\ docker compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \ certbot certonly --webroot -w /var/www/html \
$staging_arg \ $staging_arg \
$email_arg \ $email_arg \
$domain_args \ $domain_args \
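Review bot: The `docker compose run … openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096` added inside the new lets-encrypt-x3-cross-signed.pem block duplicates the guarded dhparam generation in the first hunk and regenerates the 4096-bit parameters every time that certificate file is missing, which is slow and unrelated to the download; drop the `docker compose run`, the `openssl dhparam` line and the `echo` after it so the block only fetches the certificate. The download target is unquoted, so a `data_path` containing whitespace splits the argument: `wget -O "$data_path/lets-encrypt-x3-cross-signed.pem" \`. Nothing checks that wget succeeded, and `wget -O` creates the output file before the transfer, so a failed fetch leaves an empty file that satisfies the `! -e` test on every later run and is never retried; as far as I recall Let's Encrypt retired the X3 cross-signed intermediate in 2021, so confirm this URL still serves something the stack actually uses, or remove the block. In the last hunk the certbot webroot moves to `/var/www/html`; the nginx side (`certbot-challenge.conf`) is not in this diff, so verify its `root` points at the same directory or HTTP-01 validation will 404.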


@ -30,7 +30,7 @@ server {
} }
location / { location / {
include /etc/nginx/conf.d/common-location.conf; include /etc/nginx/conf.d/proxy_headers.conf;
proxy_pass http://reftest; proxy_pass http://reftest;
} }
} }
@ -40,7 +40,7 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
# Redirect to non-www # Redirect to non-www
return 301 $scheme://example.com$request_uri; return 301 $scheme://domain_name$request_uri;
} }
server { server {
@ -53,5 +53,5 @@ server {
include /etc/nginx/certbot-challenge.conf; include /etc/nginx/certbot-challenge.conf;
# Redirect to non-www # Redirect to non-www
return 301 $scheme://example.com$request_uri; return 301 $scheme://domain_name$request_uri;
} }
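Review bot: In the last hunk the server-level `return 301 $scheme://domain_name$request_uri;` directly follows `include /etc/nginx/certbot-challenge.conf;`, and a `return` in server context is applied in the server rewrite phase before any location is matched, so whatever location that include defines is never reached in this www block and the request is bounced to the non-www host instead. That only works if the non-www server blocks, which are outside this diff, answer `/.well-known/acme-challenge/` themselves; either drop the include here or document the intent with `# server-level return runs before location matching; ACME challenges are served by the non-www block after the redirect`. The port-80 www block in the previous hunk keeps `$scheme`, so plain-http requests stay on http after the hop; if the non-www port-80 block then redirects to https that is a second round trip, and `return 301 https://domain_name$request_uri;` would remove it, but confirm against the non-www block before changing it.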